[1365] in Security FYI
[IS&T Security-FYI] SFYI Newsletter, December 5, 2008
daemon@ATHENA.MIT.EDU (Monique Yeaton)
Fri Dec 5 15:34:29 2008
Message-Id: <FC60ADB9-07F6-4C51-BA57-2833E1224A18@mit.edu>
From: Monique Yeaton <myeaton@mit.edu>
To: ist-security-fyi@mit.edu
Mime-Version: 1.0 (Apple Message framework v929.2)
Date: Fri, 5 Dec 2008 15:29:49 -0500
Content-Type: multipart/mixed; boundary="===============0268783608=="
Errors-To: ist-security-fyi-bounces@mit.edu
--===============0268783608==
Content-Type: multipart/alternative; boundary=Apple-Mail-50--1053797138
--Apple-Mail-50--1053797138
Content-Type: text/plain;
charset=US-ASCII;
format=flowed;
delsp=yes
Content-Transfer-Encoding: 7bit
In this issue:
1. Apple Issues Update for iPhone, iPod Touch
2. Leaving a Digital Trail: What About Privacy?
3. Update: Advanced SANS Forensics Course
-----------------------------------------------------------
1. Apple Issues Update for iPhone, iPod Touch
-----------------------------------------------------------
Apple released an update for the iPhone and the iPod touch. In
addition to new features, the update incorporates security patches for
a dozen vulnerabilities, including two iPhone data exposure problems.
The first of these was noted in August and allows someone with
physical access to a passcode-locked device to launch applications
without needing to know the passcode. The second is a vulnerability
that exposes incoming SMS messages if the iPhone is set to emergency
call mode. Other vulnerabilities addressed in the update include
remote code execution flaws in the way the device handles image files
and web pages.
[Source: SANS NewsBites]
Read full story here:
<http://www.vnunet.com/vnunet/news/2231088/apple-releases-iphone-update>
<http://news.cnet.com/8301-1009_3-10105450-83.html>
----------------------------------------------------------
2. Leaving a Digital Trail: What About Privacy?
----------------------------------------------------------
A story featured in The Tech earlier this week, and was originally
published in the New York Times, discusses a study being conducted at
Random Hall at MIT, in which students exchange privacy for smart
phones that generate digital trails to be beamed to a central
computer. Data is collected as the basis for an emerging field called
collective intelligence.
It does make one wonder about the future of privacy, or lack thereof,
in this electronic age. Read the full story here:
<http://tech.mit.edu/V128/N59/privacy.html>
To show that using these types of digital trails for specific purposes
is not so far-fetched, also read this other New York Times article,
which follows how MetroCards in NYC are being used to trace murder
suspects:
<http://www.nytimes.com/2008/11/19/nyregion/19metrocard.html?_r=1&th&emc=th
>
----------------------------------------------------------
3. Update: Advanced SANS Forensics Course
----------------------------------------------------------
As a reader of this newsletter pointed out earlier this week, the
Advanced SANS Forensics course <http://www.sans.org/info/30523> is
available at a discount, if more than one person from an organization
is attending.
According to the group registration information on the site:
SANS Local Mentor Program is pleased to offer two (2) or more Students
who work at the same organization, a Group Discount tuition fee. To
obtain the Group Discount fee and Registration Code offered for this
course, contact tuition@sans.org PRIOR to registering and provide the
names and e-mail addresses of all the students registering within your
organization.
So, if you ARE interested in attending, or know of anyone, please
reply to <ist-security-fyi@mit.edu> so that a potential list can be
collected before registering.
=========================
Monique Yeaton
IT Security Awareness Consultant
MIT Information Services & Technology (IS&T)
(617) 253-2715
http://web.mit.edu/ist/security
--Apple-Mail-50--1053797138
Content-Type: text/html;
charset=US-ASCII
Content-Transfer-Encoding: quoted-printable
<html><body style=3D"word-wrap: break-word; -webkit-nbsp-mode: space; =
-webkit-line-break: after-white-space; "><div><br></div><div =
style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; font: normal normal normal 14px/normal Helvetica; =
min-height: 17px; ">In this issue:</div><div style=3D"margin-top: 0px; =
margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal =
normal normal 14px/normal Helvetica; min-height: 17px; "><br></div><div =
style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; font: normal normal normal 14px/normal Helvetica; ">1. =
Apple Issues Update for iPhone, iPod Touch</div><div style=3D"margin-top: =
0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: =
normal normal normal 14px/normal Helvetica; ">2. Leaving a Digital =
Trail: What About Privacy?</div><div style=3D"margin-top: 0px; =
margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal =
normal normal 14px/normal Helvetica; ">3. Update: Advanced SANS =
Forensics Course</div><div style=3D"margin-top: 0px; margin-right: 0px; =
margin-bottom: 0px; margin-left: 0px; font: normal normal normal =
14px/normal Helvetica; min-height: 17px; "><br></div><div =
style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; font: normal normal normal 14px/normal Helvetica; =
min-height: 17px; "><br></div><div style=3D"margin-top: 0px; =
margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal =
normal normal 14px/normal Helvetica; =
">-----------------------------------------------------------</div><div =
style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; font: normal normal normal 14px/normal Helvetica; ">1. =
Apple Issues Update for iPhone, iPod Touch</div><div style=3D"margin-top: =
0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: =
normal normal normal 14px/normal Helvetica; =
">-----------------------------------------------------------</div><div =
style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; font: normal normal normal 14px/normal Helvetica; =
min-height: 17px; "><br></div><div style=3D"margin-top: 0px; =
margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal =
normal normal 14px/normal Helvetica; ">Apple released an update for the =
iPhone and the iPod touch. In addition to new features, the update =
incorporates security patches for a dozen vulnerabilities, including two =
iPhone data exposure problems. The first of these was noted in August =
and allows someone with physical access to a passcode-locked device to =
launch applications without needing to know the passcode. The second is =
a vulnerability that exposes incoming SMS messages if the iPhone is set =
to emergency call mode. Other vulnerabilities addressed in the update =
include remote code execution flaws in the way the device handles image =
files and web pages.</div><div style=3D"margin-top: 0px; margin-right: =
0px; margin-bottom: 0px; margin-left: 0px; font: normal normal normal =
14px/normal Helvetica; min-height: 17px; "><br></div><div =
style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; font: normal normal normal 14px/normal Helvetica; =
">[Source: SANS NewsBites]</div><div style=3D"margin-top: 0px; =
margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal =
normal normal 14px/normal Helvetica; color: rgb(33, 81, 170); =
min-height: 17px; "><span style=3D"text-decoration: =
underline"></span><br></div><div style=3D"margin-top: 0px; margin-right: =
0px; margin-bottom: 0px; margin-left: 0px; font: normal normal normal =
14px/normal Helvetica; ">Read full story here:</div><div =
style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; font: normal normal normal 14px/normal Helvetica; =
color: rgb(33, 81, 170); "><span style=3D"color: #000000"><<a =
href=3D"http://www.vnunet.com/vnunet/news/2231088/apple-releases-iphone-up=
date"><span style=3D"text-decoration: =
underline">http://www.vnunet.com/vnunet/news/2231088/apple-releases-iphone=
-update</span></a>></span></div><div style=3D"margin-top: 0px; =
margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal =
normal normal 14px/normal Helvetica; color: rgb(33, 81, 170); "><span =
style=3D"color: #000000"><<a =
href=3D"http://news.cnet.com/8301-1009_3-10105450-83.html"><span =
style=3D"text-decoration: =
underline">http://news.cnet.com/8301-1009_3-10105450-83.html</span></a>></=
span></div><div style=3D"margin-top: 0px; margin-right: 0px; =
margin-bottom: 0px; margin-left: 0px; font: normal normal normal =
14px/normal Helvetica; color: rgb(33, 81, 170); min-height: 17px; =
"><span style=3D"text-decoration: underline"></span><br></div><div =
style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; font: normal normal normal 14px/normal Helvetica; =
min-height: 17px; "><br></div><div style=3D"margin-top: 0px; =
margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal =
normal normal 14px/normal Helvetica; =
">----------------------------------------------------------</div><div =
style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; font: normal normal normal 14px/normal Helvetica; ">2. =
Leaving a Digital Trail: What About Privacy?</div><div =
style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; font: normal normal normal 14px/normal Helvetica; =
">----------------------------------------------------------</div><div =
style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; font: normal normal normal 14px/normal Helvetica; =
min-height: 17px; "><br></div><div style=3D"margin-top: 0px; =
margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal =
normal normal 14px/normal Helvetica; ">A story featured in The Tech =
earlier this week, and was originally published in the New York Times, =
discusses a study being conducted at Random Hall at MIT, in which =
students exchange privacy for smart phones that generate digital trails =
to be beamed to a central computer. Data is collected as the basis for =
an emerging field called collective intelligence.</div><div =
style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; font: normal normal normal 14px/normal Helvetica; =
min-height: 17px; "><br></div><div style=3D"margin-top: 0px; =
margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal =
normal normal 14px/normal Helvetica; ">It does make one wonder about the =
future of privacy, or lack thereof, in this electronic age. Read the =
full story here:</div><div style=3D"margin-top: 0px; margin-right: 0px; =
margin-bottom: 0px; margin-left: 0px; font: normal normal normal =
14px/normal Helvetica; min-height: 17px; "><br></div><div =
style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; font: normal normal normal 14px/normal Helvetica; =
"><<a =
href=3D"http://tech.mit.edu/V128/N59/privacy.html">http://tech.mit.edu/V12=
8/N59/privacy.html</a>></div><div style=3D"margin-top: 0px; =
margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal =
normal normal 14px/normal Helvetica; min-height: 17px; "><br></div><div =
style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; font: normal normal normal 14px/normal Helvetica; ">To =
show that using these types of digital trails for specific purposes is =
not so far-fetched, also read this other New York Times article, which =
follows how MetroCards in NYC are being used to trace murder =
suspects:</div><div style=3D"margin-top: 0px; margin-right: 0px; =
margin-bottom: 0px; margin-left: 0px; font: normal normal normal =
14px/normal Helvetica; min-height: 17px; "><br></div><div =
style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; font: normal normal normal 14px/normal Helvetica; =
"><<a =
href=3D"http://www.nytimes.com/2008/11/19/nyregion/19metrocard.html?_r=3D1=
&th&emc=3Dth">http://www.nytimes.com/2008/11/19/nyregion/19metroca=
rd.html?_r=3D1&th&emc=3Dth</a>></div><div style=3D"margin-top: =
0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: =
normal normal normal 14px/normal Helvetica; min-height: 17px; =
"><br></div><div style=3D"margin-top: 0px; margin-right: 0px; =
margin-bottom: 0px; margin-left: 0px; font: normal normal normal =
14px/normal Helvetica; min-height: 17px; "><br></div><div =
style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; font: normal normal normal 14px/normal Helvetica; =
">----------------------------------------------------------</div><div =
style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; font: normal normal normal 14px/normal Helvetica; ">3. =
Update: Advanced SANS Forensics Course</div><div style=3D"margin-top: =
0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: =
normal normal normal 14px/normal Helvetica; =
">----------------------------------------------------------</div><div =
style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; font: normal normal normal 14px/normal Helvetica; =
min-height: 17px; "><br></div><div style=3D"margin-top: 0px; =
margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal =
normal normal 14px/normal Helvetica; ">As a reader of this newsletter =
pointed out earlier this week, the Advanced SANS Forensics course =
<<span style=3D"text-decoration: underline ; color: #2151aa"><a =
href=3D"http://www.sans.org/info/30523">http://www.sans.org/info/30523</a>=
</span>> is available at a discount, if more than one person from an =
organization is attending. </div><div style=3D"margin-top: 0px; =
margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal =
normal normal 14px/normal Helvetica; min-height: 17px; "><br></div><div =
style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; font: normal normal normal 14px/normal Helvetica; =
">According to the group registration information on the site:</div><div =
style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; font: normal normal normal 14px/normal Helvetica; =
">SANS Local Mentor Program is pleased to offer two (2) or more Students =
who work at the same organization, a Group Discount tuition fee. To =
obtain the Group Discount fee and Registration Code offered for this =
course, contact <a href=3D"mailto:tuition@sans.org">tuition@sans.org</a> =
PRIOR to registering and provide the names and e-mail addresses of all =
the students registering within your organization. </div><div =
style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; font: normal normal normal 14px/normal Helvetica; =
min-height: 17px; "><br></div><div style=3D"margin-top: 0px; =
margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal =
normal normal 14px/normal Helvetica; ">So, if you ARE interested in =
attending, or know of anyone, please reply to <<a =
href=3D"mailto:ist-security-fyi@mit.edu">ist-security-fyi@mit.edu</a>> =
so that a potential list can be collected before =
registering. </div><div><br></div><div apple-content-edited=3D"true">=
<span class=3D"Apple-style-span" style=3D"border-collapse: separate; =
border-spacing: 0px 0px; color: rgb(0, 0, 0); font-family: Helvetica; =
font-size: 14px; font-style: normal; font-variant: normal; font-weight: =
normal; letter-spacing: normal; line-height: normal; text-align: auto; =
-khtml-text-decorations-in-effect: none; text-indent: 0px; =
-apple-text-size-adjust: auto; text-transform: none; orphans: 2; =
white-space: normal; widows: 2; word-spacing: 0px; "><div =
style=3D"word-wrap: break-word; -khtml-nbsp-mode: space; =
-khtml-line-break: after-white-space; "><span class=3D"Apple-style-span" =
style=3D"border-collapse: separate; border-spacing: 0px 0px; color: =
rgb(0, 0, 0); font-family: Helvetica; font-size: 14px; font-style: =
normal; font-variant: normal; font-weight: normal; letter-spacing: =
normal; line-height: normal; text-align: auto; =
-khtml-text-decorations-in-effect: none; text-indent: 0px; =
-apple-text-size-adjust: auto; text-transform: none; orphans: 2; =
white-space: normal; widows: 2; word-spacing: 0px; "><span =
class=3D"Apple-style-span" style=3D"border-collapse: separate; =
border-spacing: 0px 0px; color: rgb(0, 0, 0); font-family: Helvetica; =
font-size: 14px; font-style: normal; font-variant: normal; font-weight: =
normal; letter-spacing: normal; line-height: normal; text-align: auto; =
-khtml-text-decorations-in-effect: none; text-indent: 0px; =
-apple-text-size-adjust: auto; text-transform: none; orphans: 2; =
white-space: normal; widows: 2; word-spacing: 0px; "><span =
class=3D"Apple-style-span" style=3D"border-collapse: separate; =
border-spacing: 0px 0px; color: rgb(0, 0, 0); font-family: Helvetica; =
font-size: 14px; font-style: normal; font-variant: normal; font-weight: =
normal; letter-spacing: normal; line-height: normal; text-align: auto; =
-khtml-text-decorations-in-effect: none; text-indent: 0px; =
-apple-text-size-adjust: auto; text-transform: none; orphans: 2; =
white-space: normal; widows: 2; word-spacing: 0px; "><span =
class=3D"Apple-style-span" style=3D"border-collapse: separate; =
border-spacing: 0px 0px; color: rgb(0, 0, 0); font-family: Helvetica; =
font-size: 14px; font-style: normal; font-variant: normal; font-weight: =
normal; letter-spacing: normal; line-height: normal; text-align: auto; =
-khtml-text-decorations-in-effect: none; text-indent: 0px; =
-apple-text-size-adjust: auto; text-transform: none; orphans: 2; =
white-space: normal; widows: 2; word-spacing: 0px; "><span =
class=3D"Apple-style-span" style=3D"border-collapse: separate; =
border-spacing: 0px 0px; color: rgb(0, 0, 0); font-family: Helvetica; =
font-size: 14px; font-style: normal; font-variant: normal; font-weight: =
normal; letter-spacing: normal; line-height: normal; text-align: auto; =
-khtml-text-decorations-in-effect: none; text-indent: 0px; =
-apple-text-size-adjust: auto; text-transform: none; orphans: 2; =
white-space: normal; widows: 2; word-spacing: 0px; "><span =
class=3D"Apple-style-span" style=3D"border-collapse: separate; =
border-spacing: 0px 0px; color: rgb(0, 0, 0); font-family: Helvetica; =
font-size: 12px; font-style: normal; font-variant: normal; font-weight: =
normal; letter-spacing: normal; line-height: normal; text-align: auto; =
-khtml-text-decorations-in-effect: none; text-indent: 0px; =
-apple-text-size-adjust: auto; text-transform: none; orphans: 2; =
white-space: normal; widows: 2; word-spacing: 0px; "><span =
class=3D"Apple-style-span" style=3D"border-collapse: separate; =
border-spacing: 0px 0px; color: rgb(0, 0, 0); font-family: Helvetica; =
font-size: 12px; font-style: normal; font-variant: normal; font-weight: =
normal; letter-spacing: normal; line-height: normal; text-align: auto; =
-khtml-text-decorations-in-effect: none; text-indent: 0px; =
-apple-text-size-adjust: auto; text-transform: none; orphans: 2; =
white-space: normal; widows: 2; word-spacing: 0px; "><div style=3D"; =
font-size: 12px; "><font class=3D"Apple-style-span" size=3D"4"><span =
class=3D"Apple-style-span" style=3D"font-size: =
14px;"><br></span></font></div><div style=3D"font-size: 12px; "><br =
class=3D"khtml-block-placeholder"></div><div style=3D"font-size: 12px; =
"><span class=3D"Apple-style-span" style=3D"font-size: 12px; "><span =
class=3D"Apple-style-span" style=3D"font-size: 12px; "><span =
class=3D"Apple-style-span" style=3D"font-size: 12px; "><span =
class=3D"Apple-style-span" style=3D"font-size: 12px; "><span =
class=3D"Apple-style-span" style=3D"font-size: 12px; "><span =
class=3D"Apple-style-span" style=3D"font-size: 12px; =
">=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D</span></span></span></span></span></span></div><div =
style=3D"font-size: 12px; "><span class=3D"Apple-style-span" =
style=3D"font-size: 12px; "><span class=3D"Apple-style-span" =
style=3D"font-size: 12px; "><span class=3D"Apple-style-span" =
style=3D"font-size: 12px; "><span class=3D"Apple-style-span" =
style=3D"font-size: 12px; "><span class=3D"Apple-style-span" =
style=3D"font-size: 12px; "><span class=3D"Apple-style-span" =
style=3D"font-size: 12px; ">Monique =
Yeaton</span></span></span></span></span></span></div><div =
style=3D"font-size: 12px; "><span class=3D"Apple-style-span" =
style=3D"font-size: 12px; "><span class=3D"Apple-style-span" =
style=3D"font-size: 12px; "><span class=3D"Apple-style-span" =
style=3D"font-size: 12px; "><span class=3D"Apple-style-span" =
style=3D"font-size: 12px; "><span class=3D"Apple-style-span" =
style=3D"font-size: 12px; "><span class=3D"Apple-style-span" =
style=3D"font-size: 12px; ">IT Security Awareness =
Consultant</span></span></span></span></span></span></div><div =
style=3D"font-size: 12px; "><span class=3D"Apple-style-span" =
style=3D"font-size: 12px; "><span class=3D"Apple-style-span" =
style=3D"font-size: 12px; "><span class=3D"Apple-style-span" =
style=3D"font-size: 12px; "><span class=3D"Apple-style-span" =
style=3D"font-size: 12px; "><span class=3D"Apple-style-span" =
style=3D"font-size: 12px; "><span class=3D"Apple-style-span" =
style=3D"font-size: 12px; ">MIT Information Services & Technology =
(IS&T)</span></span></span></span></span></span></div><div =
style=3D"font-size: 12px; "><span class=3D"Apple-style-span" =
style=3D"font-size: 12px; "><span class=3D"Apple-style-span" =
style=3D"font-size: 12px; "><span class=3D"Apple-style-span" =
style=3D"font-size: 12px; "><span class=3D"Apple-style-span" =
style=3D"font-size: 12px; "><span class=3D"Apple-style-span" =
style=3D"font-size: 12px; "><span class=3D"Apple-style-span" =
style=3D"font-size: 12px; ">(617) =
253-2715</span></span></span></span></span></span></div><div =
style=3D"font-size: 12px; "><span class=3D"Apple-style-span" =
style=3D"font-size: 12px; "><span class=3D"Apple-style-span" =
style=3D"font-size: 12px; "><span class=3D"Apple-style-span" =
style=3D"font-size: 12px; "><span class=3D"Apple-style-span" =
style=3D"font-size: 12px; "><span class=3D"Apple-style-span" =
style=3D"font-size: 12px; "><span class=3D"Apple-style-span" =
style=3D"font-size: 12px; "><a =
href=3D"http://web.mit.edu/ist/security">http://web.mit.edu/ist/security</=
a></span></span></span></span></span></span></div><div style=3D"font-size:=
12px; "><br class=3D"khtml-block-placeholder"></div><br =
class=3D"Apple-interchange-newline"></span></span></span></span></span></s=
pan></span></div></span> </div><br></body></html>=
--Apple-Mail-50--1053797138--
--===============0268783608==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
_______________________________________________
ist-security-fyi mailing list
ist-security-fyi@mit.edu
To Unsubscribe http://mailman.mit.edu/mailman/listinfo/ist-security-fyi
--===============0268783608==--
